Last edit by: MasterGeek
From Starwood Lurker team :
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.
http://uk.businessinsider.com/marriott-data-breach-500-million-guests-affected-2018-11?r=US&IR=T
https://www.prnewswire.com/news-releases/marriott-announces-starwood-guest-reservation-database-security-incident-300758155.html
You can enroll in the "identity" monitoring service provided by Marriott due to this breach here, it cannot be called "credit monitoring" because it doesn't provide access to viewing credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes :
https://answers.kroll.com/us/index.html
Starwood/Marriott Data Breach 500 Million Guests affected, Marriott fined £18.4m
#78
Join Date: May 2003
Location: LCY
Programs: SQ Krisflyer, QR Privilege Club, MB LT Plt (1K+ nights thx MB)
Posts: 1,038
Wow what a fiasco of a merger... It is really not that interesting if we attribute this to SPG Mickey Mouse security protocols or a subpar due diligence by Marriott the end result is a fiasco merger at best or catastrophic merger at worst. Mr Sorenson should thank his lucky star if he survives this.
#79
Join Date: Dec 2017
Posts: 746
"Boss, we discovered hackers have access to the Starwood stay database. I just need your word to lock it down while we close it."
"Hold on there a second, we might lost some bookings. Tell you what, let's move the January integration target up to September since the Marriott stay database is clean. That will fix the security hole just fine."
"Hold on there a second, we might lost some bookings. Tell you what, let's move the January integration target up to September since the Marriott stay database is clean. That will fix the security hole just fine."
#81
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
As far as what can be done, the faq on info.starwoodhotels.com is pretty comprehensive if actually read. The likelihood that someone would be able to acquire a credit line without a social security number might make a credit freeze excessive as a response to this specific breach (although a good measure anyways given other data breaches and just general safety of ones credit).
If you feel the information is not complete or is hard to find, might I suggest editing the wikipost on this thread instead? That way it's a centrally updated source visible regardless of the page one visits in this thread that can be updated by the community. Other than what Marriott has already provided via Kroll, I can't think of any other precautions at this time or info to provide.
Besides, the rewards programs were merged on 08/18 and Marriott.com was the central booking site, but booking any SPG hotel just took you over to the starwoodhotels.com subdomain - because the Starwood hotels were still using the legacy PMS at that time (over the past few weeks and coming months some properties have transitioned the properties to OPERA/Marriott reservations backend - PMS transition only happened at the end of October for Sheratons, for instance). That's why guest data post 08/18 (up until September 10th) is affected by this breach, but only at Starwood properties that still used the Starwoodhotels.com domain & Starwood reservations system.
With Marriott only decrypting the data dump on their servers on November 19th, that doesn't leave a lot of time for an exhaustive analysis to de-duplicate reservation records down to individuals (and the above factors making absolute de-duplication impossible anyways).
Marriott themselves on info.starwoodhotels.com uses the terms:
Originally Posted by "Marriott
Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.
Last edited by phltraveler; Nov 30, 2018 at 8:39 am
#84
Join Date: Jun 2008
Location: BDU
Programs: DL:MM, Marriott:LTT
Posts: 8,779
As I made post #48 , I don't think that it's useless finger pointing to point out that the breach started under Starwood but Starwood's liabilities are Marriott's, and express disbelief that a system that Marriott had been working on integrating with their own website/rewards IT for over two years remained compromised throughout the entire integration period, including after the Single loyalty program/website integration on 08/18, and that the security breach was only found after they had integrated the starwood reservation system/servers with Marriott.com and Marriott Rewards. Given that it's another failure on the part of the combined Marriott/Starwood from an IT perspective, groaning is going to come with the territory.
.
.
Wow what a fiasco of a merger... It is really not that interesting if we attribute this to SPG Mickey Mouse security protocols or a subpar due diligence by Marriott the end result is a fiasco merger at best or catastrophic merger at worst. Mr Sorenson should thank his lucky star if he survives this.
Last edited by CJKatl; Nov 30, 2018 at 8:58 am
#87
Join Date: Nov 2014
Location: New York
Programs: MB-LTT , HH-Diam., HGP-Expl.
Posts: 778
Bottom line: There was a breach. We need more information so we know if/what we need to do to protect ourselves. Do we really need the finger pointing? Does everything need to turn into an SPG-MAR circular firing squad?
Can we please allow this thread to help people learn about the breach and what needs to be done without cluttering it and making unusable because people want to use the breach as another point in their pre-existing need to brag about a program that no longer exists?
Can we please allow this thread to help people learn about the breach and what needs to be done without cluttering it and making unusable because people want to use the breach as another point in their pre-existing need to brag about a program that no longer exists?
The credit cards I use and store on a company's website are rarely one of the ones I use for everyday spending. Since my Starwood Luxury card is rarely used anywhere except MPG hotels, it isn't that much of an issue if I need to cancel it.
At this point, enough providers I use have been hacked that I assume that my address, phone number and birthday have been widely disseminated. Although my passport info isn't on any hotel websites, I have stored it on some airline sites.
#88
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
What happens if you use a corporate TA or other 3rd party TA to make a booking with international travel that includes a Starwood hotel along with airfare and rental car? Since it's all on the same booking in the GDS, would the passport be potentially transmitted as part of the booking info sent to Marriott?
#90
Join Date: Nov 2014
Location: New York
Programs: MB-LTT , HH-Diam., HGP-Expl.
Posts: 778
What happens if you use a corporate TA or other 3rd party TA to make a booking with international travel that includes a Starwood hotel along with airfare and rental car? Since it's all on the same booking in the GDS, would the passport be potentially transmitted as part of the booking info sent to Marriott?